cookies – Log in user using WordPress REST API

Question

I am having problems authenticating a user after logging in using a custom endpoint using the WordPress REST API.

I’m aware that this is not the perfect approach but I am just trying to make a few custom routes so that I can prototype a mobile app. I have searched countless forums and I have looked at a number of other answers but I can’t seem to find out what the problem is in my code.

Code to create a User account

add_action( 'rest_api_init', 'my_test_register_user_routes' );
function my_test_register_user_routes() {
    
    register_rest_route( APP_NAMESPACE, '/user', [
        'methods'  => WP_REST_Server::CREATABLE,
        'callback' => 'my_test_create_user',
    ] );
}

function my_test_create_user($request) 
{   
    //create user and get ID
    $new_user = [];
    $new_user['username'] = $request['username'];
    $new_user['email'] = $request['email'];
    $new_user['password'] = $request['password'];

    $user = wp_insert_user( [
        'user_login' => $new_user['username'],
        'user_email' => $new_user['email'],
        'user_pass' => $new_user['password']
    ] );

    if( is_wp_error( $user ) ) {
        return rest_ensure_response( [
            'error' => 1,
            'msg' => $user->get_error_message()
        ] );
    }
        
    return rest_ensure_response( ['User' => 'User created'] );
}

Code to log in a user

/* 
    ========================AUTHENTICATION ROUTES========================
*/
add_action( 'rest_api_init', 'my_test_register_authentication_routes' );
function my_test_register_authentication_routes() {
    
    register_rest_route( APP_NAMESPACE, '/login', [
        'methods'  => WP_REST_Server::CREATABLE,
        'callback' => 'my_test_login_user',
    ] );
}

function my_test_login_user($request) 
{   
    $creds = [];
    $creds['user_login'] = $request["user"];
    $creds['user_password'] =  $request["password"];
    $creds['remember'] = true;
    $user = wp_signon( $creds, false ); 
    
    if ( is_wp_error($user) )
        return rest_ensure_response( [
            'login' => 0,
            'msg'   => $user->get_error_message()
        ] );
    

    wp_set_current_user($user->ID);
    wp_set_auth_cookie($user->ID,true);
    $nonce = wp_create_nonce('wp_rest');

    if (is_user_logged_in()) {
        $current_user="Y";
    } else {
        $current_user="N";
    }
    
    return rest_ensure_response( [
        'login' => 1,
        'id' => $user->ID,
        'nonce' => $nonce,
        'is_user_logged_in' => $current_user,
        'msg'   => 'You have successfully logged in'
    ] );
}

Now all this looks fine, the user is successfully logged in and expected the data is returned.

The code to check if the user is logged in below

add_action( 'rest_api_init', 'check_status_route' );
function check_status_route($request)
{
    register_rest_route( APP_NAMESPACE, '/status', [
        'methods'  => WP_REST_Server::READABLE,
        'callback' => 'check_status',
    ] );
}

function check_status($request)
{
    if (is_user_logged_in()) {
        $status = "Logged In";
    } else {
        $status = "Logged Out";
    }
    
    return rest_ensure_response( ['status' => $status] );
}

The check_status() function returns the following

{
    "code": "rest_cookie_invalid_nonce",
    "message": "Cookie nonce is invalid",
    "data": {
        "status": 403
    }
}

I have tried using the nonce as both a header and in the URL. What am I missing/doing wrong?

0
Courtney 8 months 2022-04-18T22:06:53-05:00 0 Answers 0 views 0

Leave an answer

Browse
Browse